"Linux Malware on the Rise"
Attackers have increasingly targeted Linux environments due to the frequent use of Linux as the basis for cloud services, virtual-machine hosts, and container-based infrastructure. According to VMware's "Exposing Malware in Linux-Based Multi-Cloud Environments" report, there has been an increase in the number of ransomware programs targeting Linux hosts to infect virtual-machine images or containers. The report also revealed a rise in the use of cryptojacking to monetize illicit access, as well as over 14,000 instances of the red-team tool Cobalt Strike, 56 percent of which are pirated copies used by criminals or companies that have not purchased licenses. The red-team tool has grown so popular as a way to manage compromised machines that underground developers have created their own protocol-compatible version of the Windows program for Linux. Initial access by attackers on the Linux side is often achieved through credential theft. Giovanni Vigna, senior director of threat intelligence at VMware, pointed out that stolen credentials often give attackers more time to explore a victim's network than remote code execution does. Attackers have developed various tools to compromise Linux systems and monetize that access, including ransomware, crypto-miners, implants from remote access management software, and more. This article continues to discuss key findings surrounding the increased targeting of Linux in multi-cloud infrastructure.
Dark Reading reports "Linux Malware on the Rise"